
Security

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 12.04 LTS

Summary

Several security issues were fixed in the Linux kernel.

Software description

linux
- Linux kernel

Details

Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Please note that fully mitigating CVE-2017-5715 (Spectre Variant 2) requires corresponding processor microcode/firmware updates or, in virtual environments, hypervisor updates. On i386 and amd64 architectures, the IBRS and IBPB features are required to enable the kernel mitigations. Ubuntu is working with Intel and AMD to provide future microcode updates that implement IBRS and IBPB as they are made available. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu will provide corresponding QEMU updates in the future for users of self-hosted virtual environments in coordination with upstream QEMU. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines.

After a standard system update you need to reboot your computer to apply the necessary changes.

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 17.10

Ubuntu 16.04 LTS

Ubuntu 14.04 LTS

Summary

LibreOffice would allow unintended access to files over the network.

Software description

libreoffice
- Office productivity suite

Details

It was discovered that =WEBSERVICE calls in a document could be used to read arbitrary files. If a user were tricked into opening a specially crafted document, a remote attacker could exploit this to obtain sensitive information. (CVE-2018-6871)

Update instructions

The problem can be corrected by updating your system to the following
package version:

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 16.04 LTS

Ubuntu 14.04 LTS

Summary

CUPS could be made to provide access to printers over the network.

Software description

cups
- Common UNIX Printing System(tm)

Details

Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked into opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack. (CVE-2017-18190)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Daniel P. Berrange and Peter Krempa discovered that libvirt incorrectly handled large QEMU replies. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. (CVE-2018-5748)

Pedro Sampaio discovered that libvirt incorrectly handled the libnss_dns.so module. An attacker in a libvirt_lxc session could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-6764)

Update instructions

The problem can be corrected by updating your system to the following
package version:

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 17.10

Ubuntu 16.04 LTS

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in QEMU.

Software description

qemu
- Machine emulator and virtualizer

Details

It was discovered that QEMU incorrectly handled guest ram. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-11334)

David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-13672)

Thomas Garnier discovered that QEMU incorrectly handled multiboot. An attacker could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-14167)

Eric Blake discovered that QEMU incorrectly handled memory in the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15118)

Eric Blake discovered that QEMU incorrectly handled certain options to the NBD server. An attacker could use this issue to cause the NBD server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-15119)

Daniel Berrange discovered that QEMU incorrectly handled the VNC server. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. (CVE-2017-15124)

Carl Brassey discovered that QEMU incorrectly handled certain websockets. A remote attacker could possibly use this issue to consume memory, resulting in a denial of service. This issue only affected Ubuntu 17.10. (CVE-2017-15268)

Guoxiang Niu discovered that QEMU incorrectly handled the Cirrus VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2017-15289)

Cyrille Chatras discovered that QEMU incorrectly handled certain PS2 values during migration. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-16845)

It was discovered that QEMU incorrectly handled the Virtio Vring implementation. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-17381)

Eric Blake discovered that QEMU incorrectly handled certain rounding operations. An attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2017-18043)

Jiang Xin and Lin ZheCheng discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2018-5683)

Update instructions

The problem can be corrected by updating your system to the following
package version:

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 17.10

Ubuntu 16.04 LTS

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Quagga.

Software description

quagga
- BGP/OSPF/RIP routing daemon

Details

It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-5379)

It was discovered that the Quagga BGP daemon did not properly bounds check the data sent with a NOTIFY to a peer. An attacker could use this to expose sensitive information or possibly cause a denial of service. This issue only affected Ubuntu 17.10. (CVE-2018-5378)

It was discovered that a table overrun vulnerability existed in the Quagga BGP daemon. An attacker in control of a configured peer could use this to possibly expose sensitive information or possibly cause a denial of service. (CVE-2018-5380)

It was discovered that the Quagga BGP daemon in some configurations did not properly handle invalid OPEN messages. An attacker in control of a configured peer could use this to cause a denial of service (infinite loop). (CVE-2018-5381)

Update instructions

The problem can be corrected by updating your system to the following
package version:

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 17.10

Ubuntu 16.04 LTS

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Erlang.

Software description

erlang
- Concurrent, real-time, distributed functional language

Details

It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-1693)

It was discovered that Erlang incorrectly checked CBC padding bytes. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-2774)

It was discovered that Erlang incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Erlang to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10253)

Hanno Böck, Juraj Somorovsky and Craig Young discovered that the Erlang otp TLS server incorrectly handled error reporting. A remote attacker could possibly use this issue to perform a variation of the Bleichenbacher attack and decrypt traffic or sign messages. (CVE-2017-1000385)

Update instructions

The problem can be corrected by updating your system to the following
package version:

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 17.10

Ubuntu 16.04 LTS

Ubuntu 14.04 LTS

Summary

AdvanceCOMP could be made to crash or run programs if it opened a specially
crafted file.

Software description

advancecomp
- collection of recompression utilities

Details

Joonun Jang discovered that AdvanceCOMP incorrectly handled certain malformed zip files. If a user or automated system were tricked into processing a specially crafted zip file, a remote attacker could cause AdvanceCOMP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Multiple security issues were discovered in WebExtensions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit these to gain additional privileges, bypass same-origin restrictions, or execute arbitrary code. (CVE-2018-5105, CVE-2018-5113, CVE-2018-5116)

A security issue was discovered with the developer tools. If a user were tricked into opening a specially crafted website with the developer tools open, an attacker could potentially exploit this to obtain sensitive information from other origins. (CVE-2018-5106)

A security issue was discovered with printing. An attacker could potentially exploit this to obtain sensitive information from local files. (CVE-2018-5107)

It was discovered that manually entered blob URLs could be accessed by subsequent private browsing tabs. If a user were tricked into entering a blob URL, an attacker could potentially exploit this to obtain sensitive information from a private browsing context. (CVE-2018-5108)

It was discovered that dragging certain specially formatted URLs to the address bar could cause the wrong URL to be displayed. If a user were tricked into opening a specially crafted website and dragging a URL to the address bar, an attacker could potentially exploit this to spoof the address bar contents. (CVE-2018-5111)

It was discovered that WebExtension developer tools panels could open non-relative URLs. If a user were tricked into installing a specially crafted extension and running the developer tools, an attacker could potentially exploit this to gain additional privileges. (CVE-2018-5112)

It was discovered that ActivityStream images can attempt to load local content through file: URLs. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this in combination with another vulnerability that allowed sandbox protections to be bypassed, in order to obtain sensitive information from local files. (CVE-2018-5118)

It was discovered that the reader view will load cross-origin content in violation of CORS headers. An attacker could exploit this to bypass CORS restrictions. (CVE-2018-5119)

Update instructions

The problem can be corrected by updating your system to the following
package version:

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 17.10

Ubuntu 16.04 LTS

Ubuntu 14.04 LTS

Summary

WavPack could be made to crash if it opened a specially crafted
file.

Software description

wavpack
- audio codec (lossy and lossless) - encoder and decoder

Details

Hanno Böck discovered that WavPack incorrectly handled certain WV files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10169)

Joonun Jang discovered that WavPack incorrectly handled certain RF64 files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 17.10. (CVE-2018-6767)

Update instructions

The problem can be corrected by updating your system to the following
package version:

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in PHP.

Software description

php5
- HTML-embedded scripting language interpreter

Details

It was discovered that PHP incorrectly handled the PHAR 404 error page. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2018-5712)

It was discovered that PHP incorrectly handled memory when unserializing certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-12933)

It was discovered that PHP incorrectly handled 'front of' and 'back of' date directives. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2017-16642)

Update instructions

The problem can be corrected by updating your system to the following
package version:

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 17.10

Ubuntu 16.04 LTS

Ubuntu 14.04 LTS

Summary

Exim could be made to crash or run programs if it received specially
crafted network traffic.

Software description

exim4
- Exim is a mail transport agent

Details

Meh Chang discovered that Exim incorrectly handled memory in certain decoding operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 17.10

Ubuntu 16.04 LTS

Ubuntu 14.04 LTS

Summary

MiniUPnP could be made to crash or run programs if it received specially
crafted network traffic.

Software description

miniupnpc
- UPnP IGD client lightweight library

Details

It was discovered that MiniUPnP incorrectly handled memory. A remote attacker could use this issue to cause a denial of service or possibly execute arbitrary code with privileges of the user running an application that uses the MiniUPnP library.

Update instructions

The problem can be corrected by updating your system to the following
package version:

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 17.10

Ubuntu 16.04 LTS

Ubuntu 14.04 LTS

Summary

Spectre mitigations were added to libvirt.

Software description

libvirt
- Libvirt virtualization toolkit

Details

It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory.

This update allows libvirt to expose new CPU features added by microcode updates to guests. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host.

Update instructions

The problem can be corrected by updating your system to the following
package version: